X
    X
    X
    X

    GLBA Annual Privacy Notice Eliminated under Certain Circumstances: Buried in a Highway Bill!

    Publications

    On December 4, 2015, President Obama signed the Highway Bill, dubbed Fixing America’s Surface Transportation Act (“FAST Act”), into law. Buried in the 490 page transportation law is a significant amendment to the Gramm-Leach-Bliley Act’s (“GLBA”) annual consumer privacy notice requirement. Specifically, section 75001 of the FAST Act, entitled “Eliminate Privacy Notice Confusion,” exempts from the annual GLBA privacy notice requirement those financial institutions that (i) only share nonpublic personal information pursuant to the vendor/service provider, joint marketing or general exceptions of GLBA (15 U.S.C. § 6802(b)(2) and (e)), or applicable agency regulations prescribed under 15 U.S.C. § 6804(b); and (ii) have not changed their disclosure policies and practices since their most recent consumer privacy notice. Companies that are subject to GLBA should revisit their obligations under the amended law, as well as applicable regulations, to determine whether they are eligible for the exemption, which went into effect December 4, 2015.

    The GLBA amendment seeks to lessen consumer confusion caused by annual consumer notices, and will also decrease the burden of issuing such notices on some companies. This follows a final rule issued by the Consumer Financial Protection Bureau (“CFPB”) last fall, permitting companies subject to CFPB oversight to post their privacy notices online rather than issue individual notices, to the extent that the companies limit data sharing and satisfy other requirements.

    The FAST Act also focuses regulatory attention on the cybersecurity of connected cars, directing the Secretary of Transportation to “assist in the development of cybersecurity research…to help prevent hacking, spoofing, and disruption of connected and automated transportation vehicles.” Further, the FAST Act initiates a study on the potential of Internet of Things to improve transportation services, creates privacy rights relating to data stored in vehicle event data recorders, and addresses regulatory requirements regarding cybersecurity of the electric grid.

    Explore Additional Topics

    Disclaimer

    Please understand that your communications with Locke Lord LLP through this website do not constitute or create an attorney-client relationship with Locke Lord LLP. Any information you send to Locke Lord LLP through this website is on a non-confidential and non-privileged basis. Therefore, do not send or include any information in your email that you consider to be confidential or privileged.